The Truffle Security Co. was founded by career security experts. Security is our passion and our primary concern, and all features are developed with best practices in mind.
We develop secret scanning software while adhering to these best practices:
Single sign-on
Authenticate users with secure SAML 2.0 or OAuth 2.0 workflows so you never have to worry about username and password breaches.
Isolated environments
Each customer’s installation of TruffleHog is hosted in its own private environment with an isolated database instance, which is encrypted at rest.
Randomly generated credentials
Every deployment of TruffleHog receives randomly generated and securely stored infrastructure credentials.
No 3rd-party communication
The details of your findings are never sent to third parties.
In-memory scanning
Scanning for secrets occurs in memory so that the scanned data is never persisted to storage.
Automatic deployments and updates
Deployments and updates are automatic and behind the scenes, so you’re always using the latest and greatest.
On-prem or cloud
You can run from our secure and isolated servers, or run your own. With our on-premise scanners, you can scan sources on your internal network, scan in-region to reduce bandwidth costs, and ensure your source credentials never leave your infrastructure with a local configuration.
And most importantly,
We never store your secrets.
Honestly, it'd be easier if we did—but easier doesn't make it right. The decision to never store your secrets is fundamental to the design of TruffleHog. We only store metadata about where a secret is found and redacted information about the credential.